Digital data file encryption apparatus and method

ABSTRACT

According to an embodiment, the invention provides a method for decrypting content, the comprising: receiving the content without a source encryption key from a source device connected to the electric reproducing device, the content having been encrypted with the source encryption key in the source device; performing a first addition operation by using a first device internal key and an ID, the first device internal key being associated with the electric reproducing device; generating a device encryption key based on an output of the first addition operation and a second device internal key by using a predetermined encryption algorithm, wherein the second device internal key is associated with the electric reproducing device; decrypting the content using the device encryption key; decoding the decrypted content; and outputting the decoded content.

CROSS REFERENCE TO RELATED APPLICATIONS

This is a Continuation of pending U.S. application Ser. No. 11/979,690filed on Nov. 7, 2007, which is a Divisional Application of U.S.application Ser. No. 09/499,633 filed on Feb. 8, 2000 (now U.S. Pat. No.7,324,974), which claims priority under 35 U.S.C. §119(a) to PatentApplication No. 4483/1999 and No. 4493/1999 filed in the Republic ofKorea on Feb. 9, 1999, respectively. The entire contents of all theseapplications is hereby incorporated by reference in their entirety.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates in general to preventing a program, whichhas been transmitted through a computer communication network such asthe Internet, from being illegally reproduced. More particularly, theinvention relates to an apparatus and method for encrypting a digitaldata file in such a manner that the digital data file cannot bedecrypted even if the encrypted data file is intercepted while beingdownloaded to a digital data player.

2. Description of the Related Art

MP3 (shorthand for MPEG-1 Layer 3 Audio) is one of various availabledigital data formats for audio data. An MP3 player is a new notional,portable digital device capable of readily downloading and reproducingdesired data from a computer communication network using an audio datacompression coding technique prescribed in MPEG-1 Layer 3. The MP3player has few faults and excellent sound quality because it stores afile in the form of digital data. Further, the MP3 player is small insize and light in weight, thereby assuring high portability such that auser can carry it even during his physical exercise. For these reasons,this product is a viable alternative to a portable cassette taperecorder and compact disk (CD) player.

With reference to FIG. 1, there is shown in block form a conventionalarrangement of a digital data player and associated peripheral devices.In this drawing, the reference numeral 10 denotes a digital data serverwhich assigns an identification (ID) number and password (PWD) to apersonal computer 20 for user registration, and which also transmits adigital data player 22 in software form to the personal computer 20.Upon receiving a file supply request from the user, the digital dataserver 10 identifies the user on the basis of an ID number and passwordentered by him and supplies an encrypted digital data file to the userin accordance with this identification. The personal computer 20 storesthe digital data file supplied from the digital data server 10 on a harddisk 21 therein and decrypts it through the downloaded software player22 to reproduce the resultant unencrypted digital data file or todownload it to a digital data playing device 30. The digital dataplaying device 30 downloads the unencrypted data file from the personalcomputer 20 and stores it in a memory unit 40 for the reproductionthereof. The memory unit 40 downloads the unencrypted digital data filefrom the digital data playing device 30 and stores it in its internalmemory 42 to output the file for a desired playing operation.

The operation of the conventional arrangement with the above-mentionedconstruction will now be described.

In order to legally receive a desired digital data file from the digitaldata server 10, the user has to register with a digital data filesupplier. During user registration, the user is assigned with an IDnumber and password from the digital data file supplier. Then, the userdownloads a digital data player 22 in software form from the digitaldata server 10 through a communication network and installs thedownloaded digital data player 22 in the personal computer 20.

Thereafter, to download a desired digital data file from the digitaldata server 10 through the personal computer 20 and a communicationnetwork, the user transmits his ID number and password to the digitaldata server 10 through the personal computer 20 and communicationnetwork. The digital data server 10 identifies the user on the basis ofthe transmitted ID number and password and supplies the desired digitaldata file to the user in accordance with the identification. At thistime, the digital data server 10 encrypts the digital data file usingthe user's ID number as an encryption key and transmits the encrypteddigital data file to the personal computer 20.

The personal computer 20 stores the digital data file transmitted fromthe digital data server 10 on the hard disk 21. Then, upon receiving areproduction request from the user, the personal computer 20 decryptsand reproduces the stored digital data file via the digital datasoftware player 22. As a result, the user is able to listen to desiredmusic through the personal computer 20.

On the other hand, if the user intends to listen to music in a digitaldata file form using the portable digital data playing device 30, thenthe personal computer 20 decrypts the digital data file, stored on thehard disk 21 with the digital data software player 22, and sends thedecrypted digital data file to the digital data playing device 30through a download unit 23 therein and a communication network.

Then, the digital data playing device 30 stores the digital data file,sent along the above path, in the memory 42 of the memory unit 40, whichis typically in the form of a removable card. If the user requests thedigital data player 30 to reproduce the digital data file stored in thememory 42, then the digital data player 30 reads the stored digital datafile from the memory 42 and reproduces it through a decoder 32 therein.As a result, the user can listen to desired music anywhere using thedigital data player 30.

However, the above-mentioned conventional arrangement has a disadvantagein that the digital data file may be intercepted from the communicationnetwork during downloading from the personal computer to the digitaldata playing device (or from the digital data playing device to thememory card) in an unencrypted condition. Such an interception of theunencrypted digital data file makes it impossible to protect thecopyright of a music copyright holder and music copyright associates(for example, a music producer and planner taking charge of musicproduction, duplication and distribution).

SUMMARY OF THE INVENTION

Therefore, the present invention has been made in view of the aboveproblem, and it is an object of the present invention to provide anapparatus and method for encrypting a digital data file in such a mannerthat an unencrypted digital data file cannot be intercepted in theprocess of being downloaded from a personal computer to a digital dataplayer and, in turn, from the digital data player to a memory card.

It is another object of the present invention to provide a digital datafile encryption apparatus and method which are capable of encrypting anencryption key itself in such a manner that, even when the encryptionkey is extracted from an encrypted digital data file, the key cannot bedecrypted and the digital data file cannot thus be decrypted.

In accordance with one aspect of the present invention, there isprovided an encryption apparatus for decrypting an encrypted digitaldata file from a server, including a digital data playing device forreceiving the encrypted digital data file, storing the encrypted digitaldata file in a data storage medium, and decrypting the stored digitaldata file using an encryption key, wherein the encryption key isgenerated on the basis of an identification number of the data storagemedium or an identification number of the digital data playing device.

In accordance with another aspect of the present invention, there isprovided a method for encrypting or decrypting a digital data file,including adding a first internal key to an identification number of adigital data player or an identification number of a data storage mediumassociated therewith, thereby generating a first encryption key; andencrypting or decrypting the digital data file based on the firstencryption key.

In accordance with another aspect of the present invention, there isprovided a program (or script) embodied on a computer-readable mediumfor encrypting or decrypting a digital data file, thecomputer-readable-medium-embodied program including a first program codesegment to input an identification number of a digital data player or adata storage medium associated with the digital data player; a secondprogram code segment to add a first internal key to the inputtedidentification number to convert the identification number into a firstencryption key; and a third program code segment to encrypt or decrypt adigital data file based on the first encryption key.

In accordance with another aspect of the present invention, there isprovided an electric reproducing device for decrypting content, theelectric reproducing device comprising: a receiver; a decoder; an outputunit; and a processor configured to control the electric reproducingdevice to: receive the content, through the receiver, without a sourceencryption key from a source device connected to the electricreproducing device, the content having been encrypted with the sourceencryption key in the source device, wherein the source device isconfigured to perform an authenticating operation with the electricreproducing device by using an identifier (ID) associated with at leastone of the electric reproducing device and a storage medium of theelectric reproducing device, perform a first addition operation by usinga first device internal key and the ID, the first device internal keybeing associated with the electric reproducing device, generate a deviceencryption key based on an output of the first addition operation and asecond device internal key by using a predetermined encryptionalgorithm, wherein the second device internal key is associated with theelectric reproducing device, decrypt the content using the deviceencryption key, wherein the source encryption key is identical to thedevice encryption key, the source encryption key being independentlygenerated in the source device, control the decoder to decode thedecrypted content, and output the decoded content through the outputunit.

In accordance with another aspect of the present invention, there isprovided a method for decrypting content, the method being performed byan electric reproducing device and comprising: receiving the contentwithout a source encryption key from a source device connected to theelectric reproducing device, the content having been encrypted with thesource encryption key in the source device, wherein the source device isconfigured to perform an authenticating operation with the electricreproducing device by using an identifier (ID) associated with at leastone of the electric reproducing device and a storage medium of theelectric reproducing device; performing a first addition operation byusing a first device internal key and the ID, the first device internalkey being associated with the electric reproducing device; generating adevice encryption key based on an output of the first addition operationand a second device internal key by using a predetermined encryptionalgorithm, wherein the second device internal key is associated with theelectric reproducing device; decrypting the content using the deviceencryption key, wherein the source encryption key is identical to thedevice encryption key, the source encryption key being independentlygenerated in the source device; decoding the decrypted content; andoutputting the decoded content.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other objects, features and advantages of the presentinvention will be more clearly understood from the following detaileddescription taken in conjunction with the accompanying drawings, inwhich:

FIG. 1 is a block diagram of a conventional arrangement of a digitaldata player and the associated peripheral devices;

FIG. 2 is a block diagram of a digital data file encryption apparatusfor a digital data player in accordance with an embodiment of thepresent invention; and

FIG. 3 is a block diagram illustrating a method for encrypting anddecrypting a digital data file in a digital data player in accordancewith an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

With reference to FIG. 2, there is shown in block form the constructionof a digital data file encryption apparatus for a digital data player inaccordance with the present invention. The operation of the digital datafile encryption apparatus according to the present invention willhereinafter be described in detail.

First, the user must register with a digital data file supplier tolegally receive a desired digital data file from a digital data server110. During user registration, the user is assigned with an ID numberand password (PWD) from the digital data file supplier. Then, the userdownloads a digital data player 122 in a software form from the digitaldata server 110 through a communication network and installs thedownloaded digital data player 122 in a personal computer 120. Anencryption/decryptor 123 and the encryption/download unit 124, also insoftware form, may be downloaded and installed in the personal computer120 at the same time as the player 122, if they have not been previouslyinstalled.

Thereafter, the user transmits his ID number and password to the digitaldata server 110 through the personal computer 120 and communicationnetwork to download a desired digital data file from the digital dataserver 110. The digital data server 110 identifies the user on the basisof the transmitted ID number and password and supplies the desireddigital data file to the user in accordance with the identified result.At this time, the digital data server 110 encrypts the digital data fileusing the user's ID number as a first encryption key and transmits theencrypted digital data file to the personal computer 120. The personalcomputer 120 stores the digital data file transmitted from the digitaldata server 110 on a hard disk 121 therein. Then, upon receiving areproduction request from the user, the personal computer 120 decryptsand reproduces the stored digital data file through the digital datasoftware player 122 using the first encryption key. As a result, theuser can listen to desired music through the personal computer 120.

On the other hand, when the user intends to listen to music in a digitaldata file form using a digital data playing device 130, the personalcomputer 120 reads an ID number of a removable data storage medium 140(or of the playing device 130, or some combination thereof) through thedigital data playing device 130 and an interconnecting communicationnetwork and generates a second encryption key on the basis of the readID number. At this time, the digital data playing device 130 generatesthe same second encryption key using the ID number of the data storagemedium 140 (or playing device 130), in a similar manner as the personalcomputer 120.

In the personal computer 120, an encryption/decryptor 123 decrypts thedigital data file, which is stored on the hard disk 121, using the firstencryption key. An encryption/download unit 124 re-encrypts thedecrypted digital data file from the encryption/decryptor 123 using thesecond encryption key and sends the re-encrypted digital data file tothe digital data playing device 130 through the communication network.

The digital data playing device 130 stores the re-encrypted digital datafile downloaded from the personal computer 120 in a memory 142 of theremovable data storage medium 140. If the user requests the digital dataplaying device 130 to reproduce the digital data file stored in thememory 142, then the digital data playing device 130 reads the storeddigital data file from the memory 142 and reproduces it through adecoder 132 therein. At this time, the digital data file read from thedata storage medium 140 has to be decrypted for the reproduction usingthe second encryption key.

To this end, in the digital data playing device 130, a microcomputer 131decrypts the digital data file read from the data storage medium 140using the second encryption key generated on the basis of the ID numberof the data storage medium 140 and outputs the decrypted digital datafile to an output line through the decoder 132.

As a result, the user can listen to desired music anywhere using thedigital data playing device 130, and interception of the unencrypteddigital data file can be prevented during downloading.

There may be various methods for generating the encryption key using theID number of the data storage medium 140. For example, a 16-byteencryption key (E-K) may be generated including three bytes representinga manufacturing company name, twelve bytes representing a serial number(SN) of the data storage medium 140 and one byte arbitrarily set in thesystem. A similar method may be used for generating an E-K using theplaying device 130. As shown in FIG. 2, the 16-byte E-K generated by theplaying device 130 may be transmitted to the encryption/download unit124 through the interconnecting communication network and used toencrypt the data from the encryption/decryptor 123.

FIG. 3 is a block diagram illustrating a method for encrypting anddecrypting a digital data file in a digital data player in accordancewith the present invention. First, a portable MP3 playing device 2 isconnected to a personal computer 1 via an interface (not shown) todownload a desired digital data file from the personal computer 1. Thenthe personal computer 1 requests and inputs information regarding an IDnumber 7 (serial number) of the MP3 playing device 2 or the associatedmemory (not shown) using a control command based on a communicationconvention between the two devices.

The personal computer 1 utilizes the inputted ID number 7 of the MP3playing device 2 or its media as a user authentication number, resultingin no need for a separate user authentication process. In order toprevent hacking (i.e., circumvention of the authentication by way ofsoftware), the personal computer 1 adds a first internal key 3 based ona convention between the two devices (or based on an initiation numberassociated with the personal computer 1 or the MP3 playing device 2) tothe inputted ID number 7 in order to convert the inputted ID number 7into an encryption key. In this manner, the ID number of the MP3 playingdevice 2 or the associated memory can be used as an encryption key.Although one first internal key is described, two or more first internalkeys 3 may be used according to the convention between the two devicesto make decryption more difficult.

It should be noted that a converted encryption key has conventionallybeen used to encrypt a digital data file. However, in the presentinvention, the converted encryption key itself is encrypted according toan encryption algorithm 5 applied with a second internal key 4 based onthe convention between the two devices. Then the encrypted key is usedto encrypt a digital data file.

Although a key encryption algorithm, not a file encryption algorithm,may be applied to encrypt the encryption key, it is preferred that thefile encryption algorithm 5 be applied in consideration of low-executioncapability of a microprocessor (not shown) used in the portable MP3playing device 2. Use of the file encryption algorithm 5 results in areduction in size of a program memory for algorithm storage and anincrease in processing efficiency. Because the ID number 7 of thestorage medium or playing device is added with the first internal key 3and the resultant encryption key is encrypted according to theencryption algorithm 5 based on the second internal key 4 in the abovemanner, it is impossible to recognize the encryption key itself duringtransmission from the computer 1 to the playing device 2. A subsequentoperation is performed by encryption algorithm 5 in a conventionalmanner to encrypt a digital data file using the encrypted encryption keyand send the encrypted digital data file to the portable MP3 playingdevice 2.

In the same manner as the personal computer 1, the portable MP3 playingdevice 2 generates the same encrypted encryption key by adding the firstinternal key 3 to the ID number 7 of the device (or memory) andencrypting the resultant encryption key according to the encryptionalgorithm 5 using the second internal key 4. Then, upon receiving theencrypted digital data file from the personal computer 1, the portableMP3 player 2 decrypts the received digital data file according to adecryption algorithm 6 based on the encrypted encryption key and outputsthe resultant decrypted MP3 file through a decoder 8.

As apparent from the above description, according to the presentinvention, both the personal computer and digital data player generatethe same encryption key using an ID number 7 of the memory card (or ofthe MP3 player). A digital data file is encrypted on the basis of thegenerated encryption key in such a manner that it interception of anunencrypted data file can be prevented during downloading. Inparticular, the encryption key itself is encrypted. Therefore, even whenthe encryption key is extracted during transmission, it cannot bedecrypted, and the digital data file can thus be prevented from beinghacked (i.e., decoded using an illicitly obtained encryption key).

Although the preferred embodiments of the present invention have beendisclosed for illustrative purposes, those skilled in the art willappreciate that various modifications, additions and substitutions arepossible, without departing from the scope and spirit of the inventionas disclosed in the accompanying claims.

1. An electric reproducing device for decrypting content, the electricreproducing device comprising: a receiver; a decoder; an output unit;and a processor configured to control the electric reproducing deviceto: receive the content, through the receiver, without a sourceencryption key from a source device connected to the electricreproducing device, the content having been encrypted with the sourceencryption key in the source device, wherein the source device isconfigured to perform an authenticating operation with the electricreproducing device by using an identifier (ID) associated with at leastone of the electric reproducing device and a storage medium of theelectric reproducing device, perform a first addition operation by usinga first device internal key and the ID, the first device internal keybeing associated with the electric reproducing device, generate a deviceencryption key based on an output of the first addition operation and asecond device internal key by using a predetermined encryptionalgorithm, wherein the second device internal key is associated with theelectric reproducing device, decrypt the content using the deviceencryption key, wherein the source encryption key is identical to thedevice encryption key, the source encryption key being independentlygenerated in the source device, control the decoder to decode thedecrypted content, and output the decoded content through the outputunit.
 2. The electric reproducing device of claim 1, wherein the sourceencryption key is generated by the source device using the ID and afirst source internal key and a second source internal key, the firstsource internal key and the second source internal key being associatedwith the source device to encrypt the content in the source device. 3.The electric reproducing device of claim 2, wherein the first and secondsource internal keys are included in the source device and the first andsecond device internal keys are included in the electric reproducingdevice.
 4. The electric reproducing device of claim 1, wherein theprocessor is further configured to transmit the ID to the source device.5. A method for decrypting content, the method being performed by anelectric reproducing device and comprising: receiving the contentwithout a source encryption key from a source device connected to theelectric reproducing device, the content having been encrypted with thesource encryption key in the source device, wherein the source device isconfigured to perform an authenticating operation with the electricreproducing device by using an identifier (ID) associated with at leastone of the electric reproducing device and a storage medium of theelectric reproducing device; performing a first addition operation byusing a first device internal key and the ID, the first device internalkey being associated with the electric reproducing device; generating adevice encryption key based on an output of the first addition operationand a second device internal key by using a predetermined encryptionalgorithm, wherein the second device internal key is associated with theelectric reproducing device; decrypting the content using the deviceencryption key, wherein the source encryption key is identical to thedevice encryption key, the source encryption key being independentlygenerated in the source device; decoding the decrypted content; andoutputting the decoded content.
 6. The method of claim 5, wherein thesource encryption key is generated by the source device using the ID anda first source internal key and a second source internal key, the firstsource internal key and the second source internal key being associatedwith the source device to encrypt the content in the source device. 7.The method of claim 6, wherein the first and second source internal keysare included in the source device and the first and second deviceinternal keys are included in the electric reproducing device.
 8. Themethod of claim 5, further comprising transmitting the ID to the sourcedevice.